Consistent high CPU usage / svchost.exe Diagnostic Policy Service

Sovjohn · 19 Apr 2018

Hello,

For a few days now my office desktop has been pretty much running non-stop a svchost.exe process which is linked to Diagnostic Policy Service and seems to consume approximately 25-30% of my CPU max speed.

While the PC isn't doing much CPU-wise, this process forces the CPU to run at max speed at all times and the fan to become loud as well.

I ran sfc and dism and nothing came back as erroneous. Event logs aren't flooded with any mysterious messages.

This service seems to store a ton of logs at C:\Windows\System32\sru as well, many thousands of them in the last few days.

Any ideas on what might have caused this? Thanks!

Borg 386 · 19 Apr 2018

Couldn't say what's causing it, but there's a couple good tools you can use to do some investigating. They're also free :)

Process Explorer - Windows Sysinternals | Microsoft Docs

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Also, you can have VirusTotal check the processes running to see if anything is suspicious or infected.

To do this, launch the program, click on Options / VirusTotal.com / check the space next to VirusTotal.com. Agree to the terms & the results will show up in the VirusTotal column

Process Monitor - Windows Sysinternals | Microsoft Docs

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Hope this helps you out.

Sovjohn · 19 Apr 2018

For reference, I deleted the srudb.dat file in /system32/sru and the problem went away. It had become a 16GB file for some reason...seems alright now.

EdTittel · 19 Apr 2018

Normal/typical size is more like 90-100 MB (just check 3 of my PCs and all were in the 97 MB ballpark). You'll be pleased to read that the typical solution to this kind of problem is indeed to delete that file. When it starts growing uncontrollably, seems most likely to be caused by file damage or corruption. Once deleted, it will re-create itself anyway. See this other TF thread for more discussion: Anyone else have this SRUDB.dat error all the time? - Windows 10 Forums.
HTH,
--Ed--

Girofox · 25 Jun 2018

Hello, i finally found the solution for the problem! The dps service constantly creates log files in folder "C:\Windows\system32\sru" every second. This leads to high disk usage and the folder becomes very large, multiple Gigabytes of data. Force stopping the service and then deleting this folder fixes the problem. The folder is not created anymore when you start the service. You must stop the service before deleting the folder.

I made a batch file which stoppes the service and prompts the user to delete the folder. Then the service is startet again. Just create a text file and insert following code. Then save as .bat file. You need to start the bat as admin though.

Use attached bat or make own bat with code below

Code:

@echo off
echo ... Set DPS service start type to manual ...
echo.
sc config DPS start= demand

echo.
echo ... Find PID of DPS service ...

for /f "tokens=2 delims=[:]" %%f in ('sc queryex dps ^|find /i "PID"') do set PID=%%f

echo.
echo ... Kill DPS service
echo.

taskkill /f /pid %PID%


echo.
echo ... Delete sru Folder ...
echo.

rd /s "%windir%\system32\sru"

echo.
echo ... Set DPS service start type to auto ...
echo.
sc config DPS start= auto

echo.
echo ... Start DPS service ...

sc start DPS
echo.

pause

fixDPSservice.zip

arso96 · 11 Nov 2018

I fixed my problem another way, apparently somehow a rootkit was causing the problem? It started out as a problem with all regular google sites, ads and services not being able to be displayed on my browser. I searched the web for answers and found that someone else had the exact same problem and used a combination of Rkill and TDSKill executable programs to stop malware processes and remove rootkits.I never thought of this before because i had no idea what a rootkit was. After rebooting google worked fine and i found that the particular service host.exe file that had been causing me so much trouble was gone and not running, also my computer runs smoother than ever!

BigFatBoy · 19 Jan 2019

Settings/Privacy/General (change privacy options/ turn All OFF
Settings/Privacy/Windows Permissions/ turn All OFF
Settings/Privacy/App Permissions/ turn All OFF
Restart your PC